Extension Point : IPermissionStore
| Interface | IPermissionStore | Since | 0.9 |
| Module | trac.perm | Source | perm.py |
The active IPermissionStore implementation stores the permissions and group memberships explicitly granted to users and groups.
Purpose
The TracPermissions system supports granting and revoking of action permissions and of hierarchical groups that bundle and inherit permissions per user. The IPermissionStore interface can be used to replace the storage mechanism for these granted permissions.
Note that to implicitly grant additional permissions to certain users automatically, it is not necessary to implement (or wrap) IPermissionStore. Implement IPermissionGroupProvider instead.
Usage
Implementing the interface follows the standard guidelines found in TracDev/ComponentArchitecture and of course TracDev/PluginDevelopment.
Only the permission_store configured in trac.ini will be used. The configured implementation will be called by the permissions system to grant, revoke and query permissions. This information is automatically cached and reused for some time.
Examples
Due to the complexity of implementing a full permission store backend, no simple example can be provided here.
Available Implementations
In Trac:
| DefaultPermissionStore | Stores permissions and admin defined permission groups in the project environment's SQL database. |
In third-party plugins:
| th:LdapPlugin | LdapPermissionStore uses LDAP directory as the permission store backend.
|
| th:ActiveDirectoryAuthPlugin | UserExtensiblePermissionStore extends DefaultPermissionStore adding an extension point, implemented to provide TRAC_ADMIN for members of a certain Active Directory group.
|
| th:TracForgePlugin | TracForgePermissionStore extends DefaultPermissionStore for multi project permissions.
|
| th:SuperUserPlugin | Wraps another (Default)PermissionStore to automatically give some users TRAC_ADMIN privileges.
|
Additional Information and References
- Epydoc API Reference
- See also IPermissionGroupProvider, IPermissionPolicy, IPermissionRequestor
- Related tickets:
- #5648 Move user defined groups to IPermissionGroupProvider implementation
- #4245 Inefficient algorithm used in
DefaultPermissionStore - comment:4:ticket:12915 The docstring for
IPermissionStore.get_user_permissionswas incorrect for years. - permissions in keywords
- Related mailing list topics:
- Early design discussion
- Some discussion about possible future enhancements
